Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2011/07/27 12:0 a.m.•38 views

Webkit setAttributes attributeChanged Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS2.1AI score0.03923EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2011/06/27 12:0 a.m.•38 views

Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix EdgeSight. Authentication is not required to exploit this vulnerability. The flaw exists within the LauncherService.exe component which listens by default on TCP port 18747. When handling a...

10CVSS2.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/06/06 12:0 a.m.•38 views

Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

9CVSS3.1AI score0.04883EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/06/06 12:0 a.m.•38 views

Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib componen...

9CVSS3.5AI score0.05869EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/04/12 12:0 a.m.•38 views

Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the methods used f...

9CVSS4.7AI score0.29971EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2011/03/22 12:0 a.m.•38 views

(0Day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality which listens by default on TCP port 2050. When...

10CVSS4.1AI score0.10078EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/03/02 12:0 a.m.•38 views

Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's iPhone Webkit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

9CVSS2.3AI score0.02675EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/02/15 12:0 a.m.•38 views

Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

9.7CVSS4.3AI score0.02415EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/02/08 12:0 a.m.•38 views

Adobe Reader ICC Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of...

9CVSS6.5AI score0.09839EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/02/07 12:0 a.m.•38 views

(0Day) Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way t...

9CVSS4.9AI score0.26523EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/12/09 12:0 a.m.•38 views

Mozilla Firefox NewIdArray Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's...

9CVSS9.4AI score0.04812EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/11/23 12:0 a.m.•38 views

Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the wholeText metho...

9CVSS9.2AI score0.06513EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/11/10 12:0 a.m.•38 views

Apple QuickTime FlashPix Max Uninitialized Jpeg Table Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

9CVSS9.4AI score0.02961EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2010/08/26 12:0 a.m.•38 views

RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMed...

10CVSS6.8AI score0.06812EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/11 12:0 a.m.•38 views

Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of sprmCMajority records...

10CVSS4.7AI score0.39813EPSS
Exploits6References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/11 12:0 a.m.•38 views

Microsoft Office Word 2007 plcffldMom Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code...

10CVSS4.3AI score0.19399EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/06/08 12:0 a.m.•38 views

Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remote...

10CVSS3.3AI score0.6911EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•38 views

Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within quicktime.qts wh...

10CVSS4.7AI score0.03719EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•38 views

Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libpr0n...

10CVSS2.7AI score0.05724EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2010/03/09 12:0 a.m.•38 views

Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the...

10CVSS3.2AI score0.05664EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/12/09 12:0 a.m.•38 views

Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the...

9.3CVSS4.3AI score0.09955EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2009/12/09 12:0 a.m.•38 views

Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the I...

10CVSS5.3AI score0.11794EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
•added 2009/11/10 12:0 a.m.•38 views

Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists when parsing a document containing a...

9.3CVSS5.3AI score0.25075EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2009/08/07 12:0 a.m.•38 views

CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates Unicenter Software Delivery. Authentication is not required to exploit this vulnerability. The specific flaw resides in the dtscore.dll library. The vulnerability is exposed through...

10CVSS3.7AI score0.07726EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/06/08 12:0 a.m.•38 views

Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when the document.body element contains a...

9.3CVSS3.3AI score0.07746EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2009/06/08 12:0 a.m.•38 views

Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of attr functions in a CSS content...

9.3CVSS2.2AI score0.08462EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2009/04/07 12:0 a.m.•38 views

EMC RepliStor Server Service DoASOCommand Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC RepliStor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DoRcvRpcCall RPC function exposed via the repsrv.exe process which listens by defaul...

10CVSS3.8AI score0.07409EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2008/10/08 12:0 a.m.•38 views

Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound b...

10CVSS4.5AI score0.10601EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2008/09/09 12:0 a.m.•38 views

Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

9.3CVSS4.9AI score0.06645EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2008/09/09 12:0 a.m.•38 views

Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of STSZ...

6.8CVSS4.4AI score0.04541EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2008/08/14 12:0 a.m.•38 views

EMC ApplicationXtender Workflow Server Admin Agent Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC ApplicationXtender Workflow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Admin Agent service awstmxn.exe which listens by...

10CVSS6AI score0.05618EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2008/02/11 12:0 a.m.•38 views

Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through...

10CVSS4.9AI score0.23186EPSS
Exploits6References1
Zero Day Initiative
Zero Day Initiative
•added 2008/01/17 12:0 a.m.•38 views

Citrix Metaframe Presentation Server IMA Service Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Independent Management Architecture service, ImaSrv.exe, which listens by default...

10CVSS4.7AI score0.72963EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2007/09/12 12:0 a.m.•38 views

Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauthgssvalidate function. By sending a large authentication context over RPC, a stack...

10CVSS5.3AI score0.10997EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/11 12:0 a.m.•38 views

Samba lsa_io_privilege_set Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarAddPrivilegesToAccoun...

10CVSS5.8AI score0.77806EPSS
Exploits23References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/11 12:0 a.m.•38 views

Samba sec_io_acl Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the SRVSVC RPC interface. When parsing a request to NetSetFileSecurity, he...

10CVSS5.3AI score0.77806EPSS
Exploits23References1
Zero Day Initiative
Zero Day Initiative
•added 2006/08/08 12:0 a.m.•38 views

Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when...

7.5CVSS2.3AI score0.41215EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/05/11 12:0 a.m.•38 views

Apple QuickTime H.264 Parsing Buffer Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime media player. The specific flaw exists within the parsing of H.264 content. The implicit trust of a user-supplied size value during a memory copy loop allows an attacker to create an...

5.1CVSS6.2AI score0.06516EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•37 views

Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists within the processing of fragmented TIPC...

9CVSS7.3AI score0.01305EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/12 12:0 a.m.•37 views

(Pwn2Own) Microsoft Windows cldflt Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cldflt kernel...

7.8CVSS7AI score0.15127EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/24 12:0 a.m.•37 views

Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp method. The issue results from the lack ...

9.8CVSS8.1AI score0.6439EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/23 12:0 a.m.•37 views

(Pwn2Own) TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific fl...

7.5CVSS7.5AI score0.00815EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/19 12:0 a.m.•37 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS6.8AI score0.00603EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/04/26 12:0 a.m.•37 views

(Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

6CVSS5.8AI score0.00389EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/04/23 12:0 a.m.•37 views

Ivanti Avalanche extractZipEntry Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the extractZipEntry method. The issue results from the lack of proper validation of a...

8.8CVSS8.9AI score0.68104EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/03/28 12:0 a.m.•37 views

Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.3CVSS6.5AI score0.00675EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/03/11 12:0 a.m.•37 views

Apple macOS JP2 Image Parsing Uninitialized Pointer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

3.3CVSS6.3AI score0.00447EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/15 12:0 a.m.•37 views

Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS7.2AI score0.02149EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/15 12:0 a.m.•37 views

Microsoft Exchange GsmWriter Deserialization of Untrusted Data NTLM Relay Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition or relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of...

8.8CVSS7.2AI score0.16813EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/10/19 12:0 a.m.•37 views

SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createGlobalServerChannelInternal method. The issue results from th...

9.8CVSS8.9AI score0.02376EPSS
Exploits0References1
Total number of security vulnerabilities5000